[v11,01/14] HP BIOSCFG driver - Documentation

Message ID 20230420165454.9517-2-jorge.lopez2@hp.com (mailing list archive)
State Changes Requested, archived
Series HP BIOSCFG driver

Commit Message

Jorge Lopez April 20, 2023, 4:54 p.m. UTC

The HP BIOS Configuration driver's purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. The HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitate the
migration to Linux environments.

The Linux security features to be provided in the hp-bioscfg driver enable
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation covers HP-specific firmware sysfs attributes such as Secure
Platform Management and Sure Start. Each section provides a security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control their
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only Linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>

---
Based on the latest platform-drivers-x86.git/for-next
---
 .../testing/sysfs-class-firmware-attributes   | 98 ++++++++++++++++++-
 1 file changed, 96 insertions(+), 2 deletions(-)

Comments

Thomas Weißschuh April 22, 2023, 8:50 p.m. UTC | #1
On 2023-04-20 11:54:41-0500, Jorge Lopez wrote:
> Based on the latest platform-drivers-x86.git/for-next
> ---
>  .../testing/sysfs-class-firmware-attributes   | 98 ++++++++++++++++++-
>  1 file changed, 96 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> index 4cdba3477176..73d7b8fbc0b2 100644
> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> @@ -22,6 +22,12 @@ Description:
>  			- integer: a range of numerical values
>  			- string
>  
> +		HP specific types
> +		-----------------
> +			- ordered-list - a set of ordered list valid values
> +			- sure-start - report audit logs read from BIOS

In the treeview you sent the Sure_Start attribute does not have
a "current_value".
This indicated that it's not actually a firmware attribute but just some
standalone sysfs attribute.

In this case it should not be documented here, but handled the same way
as the SPM stuff.

Jorge Lopez April 24, 2023, 4:11 p.m. UTC | #2
Hi Thomas,


On Sat, Apr 22, 2023 at 3:51 PM Thomas Weißschuh <thomas@t-8ch.de> wrote:
>
> On 2023-04-20 11:54:41-0500, Jorge Lopez wrote:
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> >  .../testing/sysfs-class-firmware-attributes   | 98 ++++++++++++++++++-
> >  1 file changed, 96 insertions(+), 2 deletions(-)
> >
> > diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > index 4cdba3477176..73d7b8fbc0b2 100644
> > --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > @@ -22,6 +22,12 @@ Description:
> >                       - integer: a range of numerical values
> >                       - string
> >
> > +             HP specific types
> > +             -----------------
> > +                     - ordered-list - a set of ordered list valid values
> > +                     - sure-start - report audit logs read from BIOS
>
> In the treeview you sent the Sure_Start attribute does not have
> a "current_value".
> This indicated that it's not actually a firmware attribute but just some
> standalone sysfs attribute.
>
> In this case it should not be documented here, but handled the same way
> as the SPM stuff.

I will update the documentation as indicated.

Regards,

Jorge

Thomas Weißschuh April 24, 2023, 8:52 p.m. UTC | #3
Hi Jorge,

On 2023-04-24 11:11:41-0500, Jorge Lopez wrote:
> On Sat, Apr 22, 2023 at 3:51 PM Thomas Weißschuh <thomas@t-8ch.de> wrote:
> >
> > On 2023-04-20 11:54:41-0500, Jorge Lopez wrote:
> > > Based on the latest platform-drivers-x86.git/for-next
> > > ---
> > >  .../testing/sysfs-class-firmware-attributes   | 98 ++++++++++++++++++-
> > >  1 file changed, 96 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > > index 4cdba3477176..73d7b8fbc0b2 100644
> > > --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > > +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > > @@ -22,6 +22,12 @@ Description:
> > >                       - integer: a range of numerical values
> > >                       - string
> > >
> > > +             HP specific types
> > > +             -----------------
> > > +                     - ordered-list - a set of ordered list valid values
> > > +                     - sure-start - report audit logs read from BIOS
> >
> > In the treeview you sent the Sure_Start attribute does not have
> > a "current_value".
> > This indicated that it's not actually a firmware attribute but just some
> > standalone sysfs attribute.
> >
> > In this case it should not be documented here, but handled the same way
> > as the SPM stuff.
> 
> I will update the documentation as indicated.

This will also need changes to the code.
Only the audit log stuff is needed then.

Jorge Lopez April 24, 2023, 9:35 p.m. UTC | #4
Hi Thomas,

On Mon, Apr 24, 2023 at 3:52 PM Thomas Weißschuh <thomas@t-8ch.de> wrote:
>
> Hi Jorge,
>
> On 2023-04-24 11:11:41-0500, Jorge Lopez wrote:
> > On Sat, Apr 22, 2023 at 3:51 PM Thomas Weißschuh <thomas@t-8ch.de> wrote:
> > >
> > > On 2023-04-20 11:54:41-0500, Jorge Lopez wrote:
> > > > Based on the latest platform-drivers-x86.git/for-next
> > > > ---
> > > >  .../testing/sysfs-class-firmware-attributes   | 98 ++++++++++++++++++-
> > > >  1 file changed, 96 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > > > index 4cdba3477176..73d7b8fbc0b2 100644
> > > > --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > > > +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > > > @@ -22,6 +22,12 @@ Description:
> > > >                       - integer: a range of numerical values
> > > >                       - string
> > > >
> > > > +             HP specific types
> > > > +             -----------------
> > > > +                     - ordered-list - a set of ordered list valid values
> > > > +                     - sure-start - report audit logs read from BIOS
> > >
> > > In the treeview you sent the Sure_Start attribute does not have
> > > a "current_value".
> > > This indicated that it's not actually a firmware attribute but just some
> > > standalone sysfs attribute.
> > >
> > > In this case it should not be documented here, but handled the same way
> > > as the SPM stuff.
> >
> > I will update the documentation as indicated.
>
> This will also need changes to the code.
> Only the audit log stuff is needed then.

Ok.  Sure_Start will only report two entries; audit_log_entries and
audit_log_entry_count.
Other entries such as display_name, type and display_name_language will be removed.

Hans de Goede April 26, 2023, 1:04 p.m. UTC | #5
Hi Jorge, Thomas,

Thank you both so much for all your work on this!

The userspace API of this looks like it is pretty much
done now (after the discussed changes for
the "Sure_Start" attribute), which is great.

I have one small remark below (inline).

On 4/20/23 18:54, Jorge Lopez wrote:

<snip>

> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> index 4cdba3477176..73d7b8fbc0b2 100644
> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> @@ -22,6 +22,12 @@ Description:
>  			- integer: a range of numerical values
>  			- string
>  
> +		HP specific types
> +		-----------------
> +			- ordered-list - a set of ordered list valid values
> +			- sure-start - report audit logs read from BIOS
> +
> +
>  		All attribute types support the following values:
>  
>  		current_value:
> @@ -126,6 +132,44 @@ Description:
>  					value will not be effective through sysfs until this rule is
>  					met.
>  
> +		HP specific class extensions
> +		------------------------------
> +
> +		On HP systems the following additional attributes are available:
> +
> +		"ordered-list"-type specific properties:
> +
> +		elements:
> +					A file that can be read to obtain the possible
> +					list of values of the <attr>. Values are separated using
> +					semi-colon (``;``). The order individual elements are listed
> +					according to their priority.  An Element listed first has the
> +					highest priority. Writing the list in a different order to
> +					current_value alters the priority order for the particular
> +					attribute.
> +
> +		"sure-start"-type specific properties:
> +
> +		audit_log_entries:
> +					A read-only file that returns the events in the log.
> +					Values are separated using semi-colon (``;``)

Looking at the documented format which seems to be 128 raw bytes per entry, I think
that the "Values are separated using semi-colon (``;``)" line is not correct here
and that line should not removed here ?

But maybe I'm misunderstanding things here. Do you have an example
of what catting (or "hexdump -C"-ing if binary)
the "audit_log_entries" sysfs file looks like ? 



> +
> +					Audit log entry format
> +
> +					Byte 0-15:   Requested Audit Log entry  (Each Audit log is 16 bytes)
> +					Byte 16-127: Unused
> +
> +		audit_log_entry_count:
> +					A read-only file that returns the number of existing audit log events available to be read.
> +					Values are separated using comma (``,``)
> +
> +					[No of entries],[log entry size],[Max number of entries supported]
> +
> +					log entry size identifies audit log size for the current BIOS version.
> +					The current size is 16 bytes but it can be to up to 128 bytes long
> +					in future BIOS versions.
> +
> +
>  What:		/sys/class/firmware-attributes/*/authentication/
>  Date:		February 2021
>  KernelVersion:	5.11

<snip>

> @@ -311,7 +364,7 @@ Description:
>  			==	=========================================
>  			0	All BIOS attributes setting are current
>  			1	A reboot is necessary to get pending BIOS
> -			        attribute changes applied
> +				attribute changes applied
>  			==	=========================================
>  
>  		Note, userspace applications need to follow below steps for efficient

This seems like an unrelated whitespace change which
has accidentally ended up in this patch.

Regards,

Hans


p.s.

I'll also read / catch up with all the comments on the actual implementation
(patches 2-14) and I'll let you know if I have any remarks there.

Patch

diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
index 4cdba3477176..73d7b8fbc0b2 100644
--- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
+++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
@@ -22,6 +22,12 @@  Description:
 			- integer: a range of numerical values
 			- string
 
+		HP specific types
+		-----------------
+			- ordered-list - a set of ordered list valid values
+			- sure-start - report audit logs read from BIOS
+
+
 		All attribute types support the following values:
 
 		current_value:
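
Review bot: The new "sure-start" entry is listed as an attribute type, but the context line directly below it says that all attribute types support current_value, while the sure-start properties documented later in this patch are only audit_log_entries and audit_log_entry_count. Either document what current_value means for this type or take the audit log files out of the type list and describe them under their own What: entries. The two new entries also use " - " where the existing ones use ": " (for example "- integer: a range of numerical values"), "a set of ordered list valid values" would read better as "an ordered list of valid values", and the hunk adds two blank lines where one is enough.
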
@@ -126,6 +132,44 @@  Description:
 					value will not be effective through sysfs until this rule is
 					met.
 
+		HP specific class extensions
+		------------------------------
+
+		On HP systems the following additional attributes are available:
+
+		"ordered-list"-type specific properties:
+
+		elements:
+					A file that can be read to obtain the possible
+					list of values of the <attr>. Values are separated using
+					semi-colon (``;``). The order individual elements are listed
+					according to their priority.  An Element listed first has the
+					highest priority. Writing the list in a different order to
+					current_value alters the priority order for the particular
+					attribute.
+
+		"sure-start"-type specific properties:
+
+		audit_log_entries:
+					A read-only file that returns the events in the log.
+					Values are separated using semi-colon (``;``)
+
+					Audit log entry format
+
+					Byte 0-15:   Requested Audit Log entry  (Each Audit log is 16 bytes)
+					Byte 16-127: Unused
+
+		audit_log_entry_count:
+					A read-only file that returns the number of existing audit log events available to be read.
+					Values are separated using comma (``,``)
+
+					[No of entries],[log entry size],[Max number of entries supported]
+
+					log entry size identifies audit log size for the current BIOS version.
+					The current size is 16 bytes but it can be to up to 128 bytes long
+					in future BIOS versions.
+
+
 What:		/sys/class/firmware-attributes/*/authentication/
 Date:		February 2021
 KernelVersion:	5.11
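
Review bot: The audit_log_entries description contradicts itself: it says "Values are separated using semi-colon" and then defines a fixed binary layout ("Byte 0-15" used, "Byte 16-127: Unused"), so a reader cannot tell whether the file is text or raw bytes, nor whether the unused bytes 16-127 are returned to userspace at all. State the encoding explicitly and tie the per-entry length to the "log entry size" field of audit_log_entry_count, since that text says the size may grow from 16 to 128 bytes and a parser that hardcodes 16 would misread logs from later BIOS versions. audit_log_entry_count is introduced as returning "the number of existing audit log events", yet the format line shows three comma-separated fields, so the first sentence should describe all three. Minor: "it can be to up to 128 bytes" has a stray "to", "The order individual elements are listed according to their priority" needs rewording, and the first audit_log_entry_count line is much longer than the wrap width used by the surrounding text.
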
@@ -206,7 +250,7 @@  Description:
 		Drivers may emit a CHANGE uevent when a password is set or unset
 		userspace may check it again.
 
-		On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
+		On Dell, Lenovo and HP systems, if Admin password is set, then all BIOS attributes
 		require password validation.
 		On Lenovo systems if you change the Admin password the new password is not active until
 		the next boot.
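
Review bot: Adding HP to "if Admin password is set, then all BIOS attributes require password validation" leaves open how this interacts with the "enhanced-bios-auth" role introduced later in this patch, which is described as requiring an endorsement key and a signing key rather than a password. Say whether password validation still applies on HP systems once SPM is provisioned, or whether a signature-based authorization replaces it.
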
@@ -296,6 +340,15 @@  Description:
 						echo "signature" > authentication/Admin/signature
 						echo "password" > authentication/Admin/certificate_to_password
 
+		HP specific class extensions
+		--------------------------------
+
+		On HP systems the following additional settings are available:
+
+		role: enhanced-bios-auth:
+					This role is specific to Secure Platform Management (SPM) attribute.
+					It requires configuring an endorsement (kek) and signing certificate (sk).
+
 
 What:		/sys/class/firmware-attributes/*/attributes/pending_reboot
 Date:		February 2021
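
Review bot: The "role: enhanced-bios-auth:" entry does not say which file reports this role or under which authentication directory it appears, and it mentions "an endorsement (kek) and signing certificate (sk)" without pointing to the authentication/SPM/kek and authentication/SPM/sk entries added at the end of this patch. It also calls sk a signing certificate, while the 'sk' entry says the bytes written are "the modulus of the public key"; the two descriptions should agree. The heading "HP specific class extensions" repeats the one added in the attributes section, and its underline is longer than the heading text.
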
@@ -311,7 +364,7 @@  Description:
 			==	=========================================
 			0	All BIOS attributes setting are current
 			1	A reboot is necessary to get pending BIOS
-			        attribute changes applied
+				attribute changes applied
 			==	=========================================
 
 		Note, userspace applications need to follow below steps for efficient
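
Review bot: Drop the re-indentation of the "attribute changes applied" line from this patch. It is a whitespace-only change unrelated to the HP documentation and belongs in a separate cleanup, if anywhere.
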
@@ -364,3 +417,44 @@  Description:
 		use it to enable extra debug attributes or BIOS features for testing purposes.
 
 		Note that any changes to this attribute requires a reboot for changes to take effect.
+
+
+		HP specific class extensions - Secure Platform Manager (SPM)
+		--------------------------------
+
+What:		/sys/class/firmware-attributes/*/authentication/SPM/kek
+Date:		March 29
+KernelVersion:	5.18
+Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
+Description:	'kek' Key-Encryption-Key is a write-only file that can be used to configure the
+		RSA public key that will be used by the BIOS to verify
+		signatures when setting the signing key.  When written,
+		the bytes should correspond to the KEK certificate
+		(x509 .DER format containing an OU).  The size of the
+		certificate must be less than or equal to 4095 bytes.
+
+
+What:		/sys/class/firmware-attributes/*/authentication/SPM/sk
+Date:		March 29
+KernelVersion:	5.18
+Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
+Description:	'sk' Signature Key is a write-only file that can be used to configure the RSA
+		public key that will be used by the BIOS to verify signatures
+		when configuring BIOS settings and security features.  When
+		written, the bytes should correspond to the modulus of the
+		public key.  The exponent is assumed to be 0x10001.
+
+
+What:		/sys/class/firmware-attributes/*/authentication/SPM/status
+Date:		March 29
+KernelVersion:	5.18
+Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
+Description:	'status' is a read-only file that returns ASCII text in JSON format reporting
+		the status information.
+
+		  "State": "not provisioned | provisioned | provisioning in progress ",
+		  "Version": " Major. Minor ",
+		  "Nonce": <16-bit unsigned number display in base 10>,
+		  "FeaturesInUse": <16-bit unsigned number display in base 10>,
+		  "EndorsementKeyMod": "<256 bytes in base64>",
+		  "SigningKeyMod": "<256 bytes in base64>"
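
Review bot: The three new What: entries give "Date: March 29" with no year, whereas the existing entries in this file use a month and year ("February 2021"); add the year and confirm that "KernelVersion: 5.18" matches the release this driver will actually land in. For 'sk', the text asks for the raw modulus but gives no length or byte order, while 'kek' takes a DER certificate of at most 4095 bytes and status reports "256 bytes in base64" for both moduli; state the expected size and encoding so userspace tools know exactly what to write. The status sample is described as JSON but is shown without enclosing braces, and the allowed "State" values are given as one string with stray spaces ("provisioning in progress "), so list the exact strings userspace should match. The section heading says "Secure Platform Manager" where the authentication hunk says "Secure Platform Management", it is placed at the end of the preceding Description block rather than with the entries it introduces, and its underline is shorter than the heading text.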